I like the graphics in the system documentation very much - they help a lot in teaching how today a structurally secure operating system can / should be built.
In the main architecture graphic, I added a Template VM in order to show this important concept right at the beginning of my lecture:
Also, in the graphic showing the interconnections between different qubes, I changed the connection of sys-whonix to the outside world. In the standard configuration, sys-whonix is not directly connected to the external network but instead to sys-firewall, such that the only external connection is from sys-net:
Perhaps you could consider if these changes make sense?
Anyhow, I think that the current documentation is great, and this holds true especially if you compare it with a large part of the Windows or Ubuntu documentation!
I wish I had that lecture in my operating systems class
Well spotted. I wonder if this is intentional or not. Perhaps it's just a mistake and should be corrected. On the other hand it might be there to reduce the mental load (even if not technically correct).
Just a quick suggestion on your change: perhaps you can switch the order of the green boxes to reduce the wiring complexity: (from top to bottom) network hardware, sys-net, sys-firewall and lastly sys-whonix.
I also quite like them. I even think these should be broken down into maybe three diagrams from a very basic view to a more complex and accurate view for educational purposes.
Thank you, @GWeck. These changes make sense to me, but we would want to have the devs incorporate the changes into the original source files. I believe @fepitre is the one handling these.
@adw The changes I made were just quick fixes in the downloaded pictures, which I could not really edit. Surely any changes have to be made by the diagram creators.
@deeplow That sequence of the green boxes would surely simplify the graphic. A good sequence of diagrams for teaching, in my opinion, is the following (in https://www.qubes-os.org/attachment/):
wiki/QubesArchitecture/qubes-schema-v2.png
site/qubesosdiagram.png
wiki/posts/qubes-components.png
wiki/QubesArchitecture/qubes-components.png
(The last two are nearly identical; I prefer the first of them.)
wiki/TemplateImplementation/TemplateSharing2.png
… and, as a look into the future:
wiki/posts/qubes-cloud.png
wiki/posts/qubes-cloud-hybrid.png
wiki/posts/qubes-airgap.png
The reaction of my students to these diagrams and the resulting discussions are generally very positive.
I couldn't find all the sources for the diagrams but some of them are in the latest version on this fork by @fepitre and you can edit them with app.diagrams.net (foss):
For this one, it makes more sense to me to view it upside-down: VMs on top; hardware on the bottom, following the typical logic of high-level being on top and low-level being below.
I think from the second to the third the colors and positions of the VMs could match. Not that it makes a lot of difference, but the mapping may make things even more apparent.
If we think any of these changes we're discussing are valuable, maybe we could open a GitHub issue and related pull requests addressing them?
I can manage to recreate, or if someone is doing it, the bottom part because like others, I did not find the sources. Then, we can discuss with @marmarek what to put as update and new part into the documentation. Maybe it is worth merging my branch https://github.com/fepitre/qubes-diagrams/tree/newversion into QubesOS master one?
Current diagram looks pretty good. One question I wanted to ask here is that we are going from red sys-net to green sys-firewall. Is it okay to consider sys-firewall green?
Yes, sys-firewall is green by default in Qubes. Basically, sys-firewall is responsible for enforcing your firewall rules. It's not exposed and untrusted the way sys-net is.
Publishing here the final version that is now live on the website. Thank you all for the feedback and @GWeck for the ideas and for starting the discussion.